<?php
include_once '../connection/databaseHandler.php';
include_once '../connection/sessionHandler.php';
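$database = new DatabaseHandler();
$session = new SessionHandler();

// Resolve who is writing and whose wall receives the post.
// The author is always the logged-in session user; the target wall comes from
// the `id` URL parameter and falls back to the author's own wall.
// NOTE(review): nothing in this file checks that $session->username is actually
// set (i.e. that the visitor is logged in) — confirm sessionHandler.php enforces
// that, otherwise an anonymous POST would insert a row with an empty from_username.
// NOTE(review): no CSRF token is verified in this file; unless the session layer
// covers it, a cross-site form POST can write to a wall on behalf of a logged-in user.
$from_username = $session->username;
$to_username   = (isset($_GET['id']) && is_string($_GET['id']))
    ? $_GET['id']                 // from the URL parameter
    : $session->username;         // no target given: post on your own wall

// Read the post body defensively. The original comment said the data was
// "validated client-side"; client-side checks are not a security boundary,
// so the server re-checks that a (non-blank) string was actually sent.
$content = (isset($_POST['wall_write']) && is_string($_POST['wall_write']))
    ? $_POST['wall_write']
    : '';
if (trim($content) === '') {
    echo "<script>";
    echo "alert('Failed, please try again')";
    echo "</script>";
    die();
}

$date      = date("Y-m-d");
$wall_role = 1;

// Keep the raw target username for the redirect URL further down; only the
// SQL copies are escaped. The original reused the escaped value in the URL,
// so a username containing a quote gained a stray backslash in the redirect.
$redirect_target = $to_username;

// Escape EVERY value that is interpolated into the query. The original
// escaped both usernames but interpolated $content (request-controlled)
// verbatim, which was a straightforward SQL injection. The same
// stripslashes()+escape treatment is applied to all three for consistency
// with how the original handled request input.
// NOTE(review): mysql_real_escape_string() belongs to ext/mysql, which was
// removed in PHP 7; the real fix is a prepared statement through
// DatabaseHandler once it exposes one. The original also mixed the deprecated
// mysql_escape_string() (charset-unaware) with mysql_real_escape_string();
// only the connection-aware variant is used here.
$sql_from    = mysql_real_escape_string(stripslashes($from_username));
$sql_to      = mysql_real_escape_string(stripslashes($to_username));
$sql_content = mysql_real_escape_string(stripslashes($content));

$query = "INSERT INTO $database->t_wall (
                from_username,
                to_username,
                content,
                date,
                wall_role
            ) VALUES (
                '$sql_from',
                '$sql_to',
                '$sql_content',
                '$date',
                '$wall_role'
            )";

// execQuery() is treated as returning a falsy value on failure, as the
// original did; the user gets the same generic alert.
if (!$database->execQuery($query)) {
    echo "<script>";
    echo "alert('Failed, please try again')";
    echo "</script>";
    die();
}

// Redirect back to the wall that was written to. The original read $_GET['id']
// directly here (undefined-index notice when absent) and left the username
// unencoded in the query string; compare the resolved target instead and
// URL-encode it. exit after the redirect so nothing further is processed.
if ($redirect_target !== $from_username) {
    header("location:../profile.php?id=" . urlencode($redirect_target) . "&page=wall");
} else {
    header("location:../profile.php?page=wall");
}
exit;
?>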
<script type="text/javascript" src="script/AJAX.js"></script>